def update_user(self, old_password, new_password, email):
user = self.get_user()
if user is None:
raise common.PermissionDenied(message="Not logged in")
if not self.checkpassword(user.key, old_password):
raise common.BadData(message='Invalid Password')
new_password and self.assert_password(new_password)
email and self.assert_email(email)
enc_password = new_password and self._generate_salted_hash(self.secret_key, new_password)
self.update_user1(user, enc_password, email)
def _process(self, key, data, prev_data=None):
self.key = key # hack to make key available when raising exceptions.
if 'key' not in data:
data['key'] = key
if web.ctx.get('infobase_bootstrap', False):
return data
assert data['key'] == key
data = common.parse_query(data)
self.validate_properties(data)
prev_data = prev_data and common.parse_query(prev_data)
if not web.ctx.get('disable_permission_check', False) and not self.has_permission(self.author, key):
raise common.PermissionDenied(message='Permission denied to modify %s' % repr(key))
type = data.get('type')
if type is None:
raise common.BadData(message="missing type", at=dict(key=key))
type = self.process_value(type, self.get_property(None, 'type'))
type = self.get_thing(type)
# when type is changed, consider as all object is modified and don't compare with prev data.
if prev_data and prev_data.get('type') != type.key:
prev_data = None
data = self.process_data(data, type, prev_data)
for k in common.READ_ONLY_PROPERTIES:
data.pop(k, None)
prev_data and prev_data.pop(k, None)
if data == prev_data:
return None
else:
return data
def g(self, *a, **kw):
user = self.get_user()
if user is None or user.key != get_user_root() + 'admin':
raise common.PermissionDenied(message='Permission Denied')
return f(self, *a, **kw)
def assert_trusted_machine(self):
if web.ctx.ip not in config.trusted_machines:
raise common.PermissionDenied(
message='Permission denied to login as admin from ' +
web.ctx.ip)